iOS: Something goes wrong with re-codesigning on Apple servers

I use a service called Installr to deliver development builds of our apps to testers or other interested parties. You upload the IPA to their site and connect your Apple Developer Portal. When a new person is invited to download the app, Installr goes into your Developer Portal, adds the person’s UDID to the Mobile Provisioning Profile, re-codesigns the IPA and sends it directly to the their device. It’s been working great! Until we just made a new app with 4.8…

Now when someone new is added to the Provisioning Profile, Apple fails to re-sign the IPA. I don’t like to jump to conclusions, but the same certificate and key were used not that long ago on another app that has had no problems. Someone from Installr emailed me and explained that he had never seen the error before.

"From the Apple website, it says:

**Problem: codesign says my main executable failed strict validation.

  • Your Mach-O executable does not conform to modern Mach-O layout rules.
  • You may be using a third party development product that hasn’t been brought up to date, or post-processed your file in unsupported ways." **

This sounds like it’s something about how Unreal has formatted the executable? Can someone please help me? Thanks. The apps work perfectly on devices that were previously added to the Mobile Provisioning Profile. This is strictly a codesigning error on Apple’s end for new devices.

Hi StephaBon,

Are you able to sign the .ipa on a Mac and upload it?

Forgive me. I’m not a Mac user, but I could find one in the office to test this on if you provided instructions. I wouldn’t know what software or anything I would be doing that on.

As for Windows, Unreal was able to sign it (and re-sign it with the iOS tool) with a new Mobile Provision for a new device.

So I just checked the code history, and nothing changed between 4.7 and 4.8 with respect to signing the ipa and the executable. The best way to determine if this is an error with our code or with Installr is to sign it on a mac and see if it works with that ipa as on the Mac we use the Xcode signing tools.
You would need to install the editor on the Mac, install Xcode on the mac, import your certificate and mobile provision from within the editor, and then package as normal.